<?php

/**
 * 73yc 订单API接口管理
 * ============================================================================
 * 版权所有 2005-2010 上海商派网络科技有限公司，并保留所有权利。
 * 网站地址: http://www.ecshop.com；
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用；不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
 * $Author: yehuaixiao $
 * $Id: order.php 17219 2011-01-27 10:49:19Z yehuaixiao $
 */

define('IN_ECS', true);

require('includes/init.php');
require(ROOT_PATH . 'includes/cls_json.php');
include_once(ROOT_PATH . 'includes/lib_passport.php');
/* 载入语言文件 */
require_once(ROOT_PATH . 'languages/' .$_CFG['lang']. '/user.php');
include_once('includes/cls_json.php');
$json = new JSON;

// 判断是否合法接入
if($_REQUEST['KeyID']!='21232f297a57a5a743894a0e4a801fc3' || $_REQUEST['KeyPass']!='0192023a7bbd73250516f069df18b500' || $_SERVER['REMOTE_ADDR'] != '42.96.149.21')
{
    // 进一步判断是否同步登录
    if(!$_REQUEST['UN'] || !$_REQUEST['SK'] || strlen($_REQUEST['SK']) != '32' || $_SESSION['user_id']) exit;
    // 通过验证是否存在同步登录，如果是，则加入session
    $sql = "SELECT userid, ip, user_name, email FROM " . $GLOBALS['ecs']->table('sessions') . " WHERE sesskey = '$_REQUEST[SK]' AND ip = '42.96.149.21' AND user_name = '$_REQUEST[UN]'";
    $result = $GLOBALS['db']->getRow($sql);
    if($result){
        $_SESSION['user_id'] = $result['userid'];
        $_SESSION['user_name'] = $result['user_name'];
        $_SESSION['email'] = $result['email'];
        $sql = "DELETE FROM " . $GLOBALS['ecs']->table('sessions') . " WHERE sesskey = '$_REQUEST[SK]' AND ip = '42.96.149.21' AND user_name = '$_REQUEST[UN]'";
        $GLOBALS['db']->query($sql);
    }
    exit;
}
/*------------------------------------------------------ */
//-- 格式化数据
/*------------------------------------------------------ */

$username = isset($_REQUEST['username']) ? trim($_REQUEST['username']) : '';
$password = isset($_REQUEST['password']) ? trim($_REQUEST['password']) : '';
$email    = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : '';

//提交注册
if ($_REQUEST['act'] == 'register')
{

    /* 增加是否关闭注册 */
    if ($_CFG['shop_reg_closed'])
    {
        $smarty->assign('action',     'register');
        $smarty->assign('shop_reg_closed', $_CFG['shop_reg_closed']);
        $smarty->display('user_passport.dwt');
    }
    else
    {
        if (strlen($username) < 6)
        {
            $result['error']   = 1;
            $result['content']   = '用户名不能少于6位字符';            
            die($json->encode($result));
        }

        if (strlen($password) < 6)
        {
            $result['error']   = 1;
            $result['content']   = '用户名不能少于6位字符';            
            die($json->encode($result));
        }

        if (strpos($password, ' ') > 0)
        {
            $result['error']   = 1;
            $result['content']   = '密码不能存在空格';            
            die($json->encode($result));
        }

        if (preg_match('/\'\/^\\s*$|^c:\\\\con\\\\con$|[%,\\*\\"\\s\\t\\<\\>\\&\'\\\\]/', $username))
        {
            $result['error']   = 1;
            $result['content']   = '用户名包含非法字符';            
            die($json->encode($result));
        }

        /* 检查是否和管理员重名 */
        if ($user->check_user($username) || admin_registered($username) || $user->check_email($username))
        {
            $result['error']   = 1;
            $result['content']   = '用户名已被使用';            
            die($json->encode($result));
        }

        if ($user->check_user($email) || admin_registered($email) || $user->check_email($email)){
            $result['error']   = 1;
            $result['content']   = '邮箱已经被使用';            
            die($json->encode($result));
        }

        if (register_73yw($username, $password, $email) !== false)
        {
            $sql = "SELECT user_id, email, user_name FROM " . $GLOBALS['ecs']->table('users') . " WHERE user_name = '$username'";
            $result = $GLOBALS['db']->getRow($sql);
            $result['error']   = 0;

            $_SESSION['user_id'] = $result['user_id'];
            $_SESSION['user_name'] = $result['user_name'];
            die($json->encode($result));
        }
        else
        {
            $result['error']   = 1;
            $result['content']   = '出现未知错误，请联系管理员';            
            die($json->encode($result));
        }
    }
}
elseif($_REQUEST['act'] == 'check_user'){
    if ($user->check_user($username) || admin_registered($username) || $user->check_email($username))
    {
        $result['error']   = 1;
        $result['content']   = '用户名已被使用';            
        die($json->encode($result));
    }
}
elseif($_REQUEST['act'] == 'check_email'){
    if ($user->check_user($email) || admin_registered($email) || $user->check_email($email)){
        $result['error']   = 1;
        $result['content']   = '邮箱已经被使用';            
        die($json->encode($result));
    }
}
/* 处理 ajax 的登录请求 */
elseif ($_REQUEST['act'] == 'signin')
{

    $password = substr($password,5,intval($_REQUEST['code']));
    $result   = array('error' => 0, 'content' => $password);
    if ($user->login($username, $password))
    {
        update_user_info();  //更新用户信息
        $user_info = get_user_info();
        $smarty->assign('user_info', $user_info);
        $ucdata = empty($user->ucdata)? "" : $user->ucdata;
        $_SESSION['user_id'] = $user_info['user_id'];
        $_SESSION['user_name'] = $user_info['user_name'];
        $result['ucdata'] = $ucdata;
        $result['user_info'] = $user_info;
        $result['session_key'] = SESS_ID;
        $result['content'] = $smarty->fetch('library/member_info.lbi');
    }
    else
    {
        $_SESSION['login_fail']++;
        if ($_SESSION['login_fail'] > 4)
        {
            $smarty->assign('enabled_captcha', 2);
            $result['html'] = $smarty->fetch('library/member_info.lbi');
        }
        $result['error']   = 1;
        $result['content'] = $_LANG['login_failure'];
    }
    die($json->encode($result));
}

/**
 * 用户注册，登录函数
 *
 * @access  public
 * @param   string       $username          注册用户名
 * @param   string       $password          用户密码
 * @param   string       $email             注册email
 * @param   array        $other             注册的其他信息
 *
 * @return  bool         $bool
 */
function register_73yw($username, $password, $email)
{
    $time = time();
    //注册成功
    $sql = 'INSERT INTO ' . $GLOBALS['ecs']->table('users') . ' (`user_name`, `password`, `email`, `reg_time`) VALUES ' . " ('$username', '$password', '$email', '$time')";
    if($GLOBALS['db']->query($sql)){
        /* 设置成登录状态 */
        $GLOBALS['user']->set_session($username);
        $GLOBALS['user']->set_cookie($username);
        update_user_info();      // 更新用户信息
        return true;
    }else{
        return false;
    }
}

?>
